Greetings from Portsmouth, New Hampshire!
Summer is unofficially over. The kids are back in school, and lawmakers are wrapping up their summer recess and headed back to Congress next week.
This week, a hot topic in my house was the dreaded "What I did during summer break?" icebreaker on the first day of school. Not surprisingly, there was lots of groaning during the story retellings.
And then I wondered what this activity might look like from a privacy perspective because while privacy is busy all year long, this summer was jam-packed, earning itself the moniker #hotprivacysummer.
While we typically publish reflections at the end of the year, an end-of-summer reflection seems appropriate considering how much news happened. Below are a few of the highlights for #hotprivacysummer, U.S. edition.
In May, the Senate confirmed Alvaro Bedoya, who became the fifth and — at the time — final commissioner of the Federal Trade Commission. That agency will be down a spot shortly as Commissioner Noah Philips announced in August that he would resign this fall. The FTC also voted 5-0 to adopt a policy statement regarding increased scrutiny of Children's Online Privacy Protection Act violations involving education technology companies.
The California Privacy Protection Agency Board announced rulemaking was an area of enforcement for California Privacy Rights Act rulemaking. It also unexpectedly released its first draft regulations.
In June, members of Congress introduced the American Data Privacy and Protection Act. In July, it became the first federal legislation voted out of committee and could potentially head to the House floor for a vote. You can find the latest on the ADPPA in the IAPP Resource Center. The Supreme Court overturned Roe v. Wade. The decision affects civil liberties, and the privacy implications of the ruling are still being determined. At the state level, the CPPA board officially launched the California Privacy Rights Act rulemaking process.
In July, U.S. President Joe Biden signed an executive order to protect reproductive health care services, including commitments related to privacy protections. The FTC committed to enforcing the law against the "shadowy (advertising technology) and data broker ecosystem" regarding the handling of location data and sensitive health data. During a markup session, the Senate Committee on Commerce, Science and Transportation passed two children's privacy bills. They're not on the Senate calendar yet, but we will keep you updated.
Kicking off August, the FTC announced it would begin to explore privacy rulemaking. The agency voted 3-2 along party lines to file the Advance Notice of Proposed Rulemaking that would "crack down on harmful commercial surveillance and lax data security." The ANPR was filed with the Federal Register Aug. 2, and the deadline for public comments is Oct. 21. The agency also announced it will hold a forum to discuss plans and hear public feedback on the rulemaking process.
Finally, and just under the wire, the California Legislature unanimously passed the California Age-Appropriate Design Code Act Aug. 30. The legislation is headed to Gov. Gavin Newsom, D-Calif., for signature. If enacted, the bill would go into effect Jan. 1. 2024. IAPP Staff Writer Joe Duball had details and reactions in a piece for The Privacy Advisor.
So, there you have it: A look at what privacy did this summer and an inadvertent reading list while you're relaxing on a beach or porch this weekend.